fix(graphql-auth-transformer): fixes @auth directives for Admin UI

aws-amplify · Apr 7, 2021 · 8881592 · 8881592
1 parent ad037d1
commit 8881592
Show file tree

Hide file tree

Showing 3 changed files with 105 additions and 34 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1077,37 +1077,37 @@ jobs:
     environment:
       TEST_SUITE: src/__tests__/plugin.test.ts
       CLI_REGION: ap-northeast-1
-  schema-iterative-update-locking-amplify_e2e_tests:
+  migration-node-function-amplify_e2e_tests:
     working_directory: ~/repo
     docker: *ref_1
     resource_class: large
     steps: *ref_4
     environment:
-      TEST_SUITE: src/__tests__/schema-iterative-update-locking.test.ts
+      TEST_SUITE: src/__tests__/migration/node.function.test.ts
       CLI_REGION: ap-southeast-1
-  migration-node-function-amplify_e2e_tests:
+  api_4-amplify_e2e_tests:
     working_directory: ~/repo
     docker: *ref_1
     resource_class: large
     steps: *ref_4
     environment:
-      TEST_SUITE: src/__tests__/migration/node.function.test.ts
+      TEST_SUITE: src/__tests__/api_4.test.ts
       CLI_REGION: ap-southeast-2
-  function_5-amplify_e2e_tests:
+  schema-iterative-update-locking-amplify_e2e_tests:
     working_directory: ~/repo
     docker: *ref_1
     resource_class: large
     steps: *ref_4
     environment:
-      TEST_SUITE: src/__tests__/function_5.test.ts
+      TEST_SUITE: src/__tests__/schema-iterative-update-locking.test.ts
       CLI_REGION: us-east-2
-  api_4-amplify_e2e_tests:
+  function_5-amplify_e2e_tests:
     working_directory: ~/repo
     docker: *ref_1
     resource_class: large
     steps: *ref_4
     environment:
-      TEST_SUITE: src/__tests__/api_4.test.ts
+      TEST_SUITE: src/__tests__/function_5.test.ts
       CLI_REGION: us-west-2
   schema-iterative-update-4-amplify_e2e_tests_pkg_linux:
     working_directory: ~/repo
@@ -1719,44 +1719,44 @@ jobs:
       TEST_SUITE: src/__tests__/plugin.test.ts
       CLI_REGION: ap-northeast-1
     steps: *ref_5
-  schema-iterative-update-locking-amplify_e2e_tests_pkg_linux:
+  migration-node-function-amplify_e2e_tests_pkg_linux:
     working_directory: ~/repo
     docker: *ref_1
     resource_class: large
     environment:
       AMPLIFY_DIR: /home/circleci/repo/out
       AMPLIFY_PATH: /home/circleci/repo/out/amplify-pkg-linux
-      TEST_SUITE: src/__tests__/schema-iterative-update-locking.test.ts
+      TEST_SUITE: src/__tests__/migration/node.function.test.ts
       CLI_REGION: ap-southeast-1
     steps: *ref_5
-  migration-node-function-amplify_e2e_tests_pkg_linux:
+  api_4-amplify_e2e_tests_pkg_linux:
     working_directory: ~/repo
     docker: *ref_1
     resource_class: large
     environment:
       AMPLIFY_DIR: /home/circleci/repo/out
       AMPLIFY_PATH: /home/circleci/repo/out/amplify-pkg-linux
-      TEST_SUITE: src/__tests__/migration/node.function.test.ts
+      TEST_SUITE: src/__tests__/api_4.test.ts
       CLI_REGION: ap-southeast-2
     steps: *ref_5
-  function_5-amplify_e2e_tests_pkg_linux:
+  schema-iterative-update-locking-amplify_e2e_tests_pkg_linux:
     working_directory: ~/repo
     docker: *ref_1
     resource_class: large
     environment:
       AMPLIFY_DIR: /home/circleci/repo/out
       AMPLIFY_PATH: /home/circleci/repo/out/amplify-pkg-linux
-      TEST_SUITE: src/__tests__/function_5.test.ts
+      TEST_SUITE: src/__tests__/schema-iterative-update-locking.test.ts
       CLI_REGION: us-east-2
     steps: *ref_5
-  api_4-amplify_e2e_tests_pkg_linux:
+  function_5-amplify_e2e_tests_pkg_linux:
     working_directory: ~/repo
     docker: *ref_1
     resource_class: large
     environment:
       AMPLIFY_DIR: /home/circleci/repo/out
       AMPLIFY_PATH: /home/circleci/repo/out/amplify-pkg-linux
-      TEST_SUITE: src/__tests__/api_4.test.ts
+      TEST_SUITE: src/__tests__/function_5.test.ts
       CLI_REGION: us-west-2
     steps: *ref_5
 workflows:
@@ -1854,11 +1854,11 @@ workflows:
             - hostingPROD-amplify_e2e_tests
             - amplify-app-amplify_e2e_tests
             - init-amplify_e2e_tests
-            - function_5-amplify_e2e_tests
+            - schema-iterative-update-locking-amplify_e2e_tests
             - predictions-amplify_e2e_tests
             - schema-predictions-amplify_e2e_tests
             - amplify-configure-amplify_e2e_tests
-            - api_4-amplify_e2e_tests
+            - function_5-amplify_e2e_tests
             - function_3-amplify_e2e_tests
             - containers-api-amplify_e2e_tests
             - interactions-amplify_e2e_tests
@@ -1874,22 +1874,22 @@ workflows:
             - schema-key-amplify_e2e_tests
             - analytics-amplify_e2e_tests
             - notifications-amplify_e2e_tests
-            - schema-iterative-update-locking-amplify_e2e_tests
+            - migration-node-function-amplify_e2e_tests
             - schema-auth-10-amplify_e2e_tests
             - hosting-amplify_e2e_tests
             - tags-amplify_e2e_tests
-            - migration-node-function-amplify_e2e_tests
+            - api_4-amplify_e2e_tests
       - done_with_pkg_linux_e2e_tests:
           context: amplify-cli-ecr
           requires:
             - hostingPROD-amplify_e2e_tests_pkg_linux
             - amplify-app-amplify_e2e_tests_pkg_linux
             - init-amplify_e2e_tests_pkg_linux
-            - function_5-amplify_e2e_tests_pkg_linux
+            - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux
             - predictions-amplify_e2e_tests_pkg_linux
             - schema-predictions-amplify_e2e_tests_pkg_linux
             - amplify-configure-amplify_e2e_tests_pkg_linux
-            - api_4-amplify_e2e_tests_pkg_linux
+            - function_5-amplify_e2e_tests_pkg_linux
             - function_3-amplify_e2e_tests_pkg_linux
             - containers-api-amplify_e2e_tests_pkg_linux
             - interactions-amplify_e2e_tests_pkg_linux
@@ -1905,11 +1905,11 @@ workflows:
             - schema-key-amplify_e2e_tests_pkg_linux
             - analytics-amplify_e2e_tests_pkg_linux
             - notifications-amplify_e2e_tests_pkg_linux
-            - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux
+            - migration-node-function-amplify_e2e_tests_pkg_linux
             - schema-auth-10-amplify_e2e_tests_pkg_linux
             - hosting-amplify_e2e_tests_pkg_linux
             - tags-amplify_e2e_tests_pkg_linux
-            - migration-node-function-amplify_e2e_tests_pkg_linux
+            - api_4-amplify_e2e_tests_pkg_linux
       - amplify_migration_tests_latest:
           context: amplify-cli-ecr
           filters:
@@ -2059,7 +2059,7 @@ workflows:
           filters: *ref_8
           requires:
             - schema-auth-7-amplify_e2e_tests
-      - function_5-amplify_e2e_tests:
+      - schema-iterative-update-locking-amplify_e2e_tests:
           context: amplify-cli-ecr
           post-steps: *ref_7
           filters: *ref_8
@@ -2119,7 +2119,7 @@ workflows:
           filters: *ref_8
           requires:
             - auth_4-amplify_e2e_tests
-      - api_4-amplify_e2e_tests:
+      - function_5-amplify_e2e_tests:
           context: amplify-cli-ecr
           post-steps: *ref_7
           filters: *ref_8
@@ -2335,7 +2335,7 @@ workflows:
           filters: *ref_8
           requires:
             - schema-searchable-amplify_e2e_tests
-      - schema-iterative-update-locking-amplify_e2e_tests:
+      - migration-node-function-amplify_e2e_tests:
           context: amplify-cli-ecr
           post-steps: *ref_7
           filters: *ref_8
@@ -2389,7 +2389,7 @@ workflows:
           filters: *ref_8
           requires:
             - schema-auth-8-amplify_e2e_tests
-      - migration-node-function-amplify_e2e_tests:
+      - api_4-amplify_e2e_tests:
           context: amplify-cli-ecr
           post-steps: *ref_7
           filters: *ref_8
@@ -2457,7 +2457,7 @@ workflows:
           filters: *ref_10
           requires:
             - schema-auth-7-amplify_e2e_tests_pkg_linux
-      - function_5-amplify_e2e_tests_pkg_linux:
+      - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux:
           context: amplify-cli-ecr
           post-steps: *ref_9
           filters: *ref_10
@@ -2521,7 +2521,7 @@ workflows:
           filters: *ref_10
           requires:
             - auth_4-amplify_e2e_tests_pkg_linux
-      - api_4-amplify_e2e_tests_pkg_linux:
+      - function_5-amplify_e2e_tests_pkg_linux:
           context: amplify-cli-ecr
           post-steps: *ref_9
           filters: *ref_10
@@ -2753,7 +2753,7 @@ workflows:
           filters: *ref_10
           requires:
             - schema-searchable-amplify_e2e_tests_pkg_linux
-      - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux:
+      - migration-node-function-amplify_e2e_tests_pkg_linux:
           context: amplify-cli-ecr
           post-steps: *ref_9
           filters: *ref_10
@@ -2811,7 +2811,7 @@ workflows:
           filters: *ref_10
           requires:
             - schema-auth-8-amplify_e2e_tests_pkg_linux
-      - migration-node-function-amplify_e2e_tests_pkg_linux:
+      - api_4-amplify_e2e_tests_pkg_linux:
           context: amplify-cli-ecr
           post-steps: *ref_9
           filters: *ref_10

diff --git a/packages/graphql-auth-transformer/src/ModelAuthTransformer.ts b/packages/graphql-auth-transformer/src/ModelAuthTransformer.ts
@@ -363,8 +363,6 @@ export class ModelAuthTransformer extends Transformer {
     // type will be emitted as well in case of IAM.
     this.propagateAuthDirectivesToNestedTypes(def, rules, ctx);
 
-    const { operationRules, queryRules } = this.splitRules(rules);
-
     // Retrieve the configuration options for the related @model directive
     const modelConfiguration = new ModelDirectiveConfiguration(modelDirective, def);
     // Get the directives we need to add to the GraphQL nodes
@@ -377,6 +375,8 @@ export class ModelAuthTransformer extends Transformer {
 
     this.addTypeToResourceReferences(def.name.value, rules);
 
+    const { operationRules, queryRules } = this.splitRules(rules);
+
     // For each operation evaluate the rules and apply the changes to the relevant resolver.
     this.protectCreateMutation(
       ctx,

diff --git a/packages/graphql-auth-transformer/src/__tests__/AmplifyAdminAuth.test.ts b/packages/graphql-auth-transformer/src/__tests__/AmplifyAdminAuth.test.ts
@@ -126,3 +126,74 @@ test('Test simple model with private auth rule and amplify admin app not enabled
   expect(out).toBeDefined();
   expect(out.schema).not.toContain('Post @aws_iam @aws_cognito_user_pools');
 });
+
+test('Test model with public auth rule without all operations and amplify admin app is present', () => {
+  const validSchema = `
+      type Post @model @auth(rules: [{allow: public, operations: [read, update]}]) {
+          id: ID!
+          title: String!
+          createdAt: String
+          updatedAt: String
+      }
+      `;
+  const transformer = new GraphQLTransform({
+    transformers: [
+      new DynamoDBModelTransformer(),
+      new ModelAuthTransformer({
+        authConfig: {
+          defaultAuthentication: {
+            authenticationType: 'API_KEY',
+          },
+          additionalAuthenticationProviders: [
+            {
+              authenticationType: 'AWS_IAM',
+            },
+          ],
+        },
+        addAwsIamAuthInOutputSchema: true,
+      }),
+    ],
+  });
+  const out = transformer.transform(validSchema);
+  expect(out).toBeDefined();
+
+  expect(out.schema).toContain('Post @aws_iam @aws_api_key');
+  expect(out.schema).toContain('createPost(input: CreatePostInput!): Post @aws_iam');
+  expect(out.schema).toContain('deletePost(input: DeletePostInput!): Post @aws_iam');
+  expect(out.schema).toContain('updatePost(input: UpdatePostInput!): Post @aws_api_key @aws_iam');
+});
+
+test('Test simple model with private auth rule, few operations, and amplify admin app not enabled', () => {
+  const validSchema = `
+      type Post @model @auth(rules: [{allow: groups, groups: ["Admin", "Dev"], operations: [read]}]) {
+          id: ID!
+          title: String!
+          createdAt: String
+          updatedAt: String
+      }
+      `;
+  const transformer = new GraphQLTransform({
+    transformers: [
+      new DynamoDBModelTransformer(),
+      new ModelAuthTransformer({
+        authConfig: {
+          defaultAuthentication: {
+            authenticationType: 'AMAZON_COGNITO_USER_POOLS',
+          },
+          additionalAuthenticationProviders: [
+            {
+              authenticationType: 'AWS_IAM',
+            },
+          ],
+        },
+        addAwsIamAuthInOutputSchema: true,
+      }),
+    ],
+  });
+  const out = transformer.transform(validSchema);
+  expect(out).toBeDefined();
+  expect(out.schema).toContain('Post @aws_iam @aws_cognito_user_pools');
+  expect(out.schema).toContain('createPost(input: CreatePostInput!): Post @aws_iam');
+  expect(out.schema).toContain('deletePost(input: DeletePostInput!): Post @aws_iam');
+  expect(out.schema).toContain('updatePost(input: UpdatePostInput!): Post @aws_iam');
+});